https://bugzilla.wikimedia.org/show_bug.cgi?id=64959
Bug ID: 64959
Summary: MobileFrontend: Trying to create a username with a
hash in should present the user with an error
Product: MobileFrontend
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: General/Unknown
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected],
[email protected]
Web browser: ---
Mobile Platform: ---
If you try to create a username that has a hash in, we've got three totally
different behaviours on four platforms:
1) Desktop: Refuses to create username because it has a hash in it.
2) iOS App: Lets you create the username, but silently truncates everything
including and after the hash, then fails to log you in saying that you provided
an illegal username because it tried to log you in to the username that has a
hash in.
3) Android App and Mobile Web: Lets your create the username, but silently
truncates everything including and after the hash, then logs you in
successfully to the truncated username.
If desktop doesn't let you create these usernames then neither should any of
our mobile platforms.
I'm unclear what the correct engineering solution is though. Do we change the
API used to create accounts to error if you try to include hashes (instead of
silently truncating and creating), or do we just include client-side validation
to disallow hashes?
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
